Authentication

Accessing resources via the Asset Layer API is done by apps using an app-secret. In order to access resources owned by individual users such as a user's assets, that user will need to authenticate with your app using their HandCash account.

When you create your app, you will provide a HandCash App ID. This HandCash App must have Asset Layer turned on as an app extension. Once the Asset Layer app extension is turned on, then Asset Layer will automatically receive an authentication token directly from HandCash when a user logs into your app. For instructions on how to set this up, check out App Setup.

Once a user is authenticated to your app, you can make API calls to Asset Layer to access assets owned by this user. When you do this, we use an auth token that we received from HandCash when that user authenticated to your app in order to verify that the user is still authenticated and then use that token to perform the request if necessary. HandCash manages the signing process for any actions that have a corresponding blockchain transaction such as creating collections, minting assets, and transfering assets. HandCash will only enable these functions for authenticated users.

To learn more about setting up an Asset Layer app using HandCash authentication, check out Creating a New App. For a working example where you can see the authentication implemented in code, check out Sample App.